Skip to content

docs: clarify capability needs DNS vs. DHCP+DNS #392

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
graysky2 wants to merge 1 commit into
base: master
Choose a base branch
from
Open

docs: clarify capability needs DNS vs. DHCP+DNS #392

graysky2 wants to merge 1 commit into from

Conversation

@graysky2
Copy link

@graysky2 graysky2 commented Jan 29, 2026

CAP_NET_RAW is only required when running AdGuard Home with DHCP server enabled. Split the setcap instructions to show:

  • DNS-only mode: requires only CAP_NET_BIND_SERVICE
  • DHCP+DNS mode: requires both CAP_NET_BIND_SERVICE and CAP_NET_RAW

Verified running as non-root with just CAP_NET_BIND_SERVICE and DNS-only works fine.

% lsof -i :53
COMMAND   PID        USER FD   TYPE  DEVICE SIZE/OFF NODE NAME
adguardho 183 adguardhome 12u  IPv6 1469109      0t0  UDP *:domain
adguardho 183 adguardhome 23u  IPv6 1469110      0t0  TCP *:domain (LISTEN)

windsurf-bot[bot]
windsurf-bot bot reviewed Jan 29, 2026
View reviewed changes
Copy link
Contributor

@windsurf-bot windsurf-bot bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 To request another review, post a new comment with "/windsurf-review".

@graysky2
docs: clarify capability needs DNS vs. DHCP+DNS
ff88629 
CAP_NET_RAW is only required when running AdGuard Home with DHCP
server enabled. Split the setcap instructions to show:
- DNS-only mode: requires only CAP_NET_BIND_SERVICE
- DHCP+DNS mode: requires both CAP_NET_BIND_SERVICE and CAP_NET_RAW

Verified running as non-root with just CAP_NET_BIND_SERVICE and
DNS-only works fine.

% lsof -i :53
COMMAND   PID        USER FD   TYPE  DEVICE SIZE/OFF NODE NAME
adguardho 183 adguardhome 12u  IPv6 1469109      0t0  UDP *:domain
adguardho 183 adguardhome 23u  IPv6 1469110      0t0  TCP *:domain (LISTEN)

Signed-off-by: John Audia <therealgraysky@proton.me>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@windsurf-bot windsurf-bot[bot] windsurf-bot[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@graysky2